{"id":"MAL-2025-6470","summary":"Malicious code in bulktweetbyref (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (b6e44fa722cba73a0757878305b8641ff0539e6c32ffff20b9484ce39ce6a1aa)\nUsing the function simulates some behavior, but then download and runs an Infostealer\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-06-bulktweetbyref\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - malware\n\n\n - infostealer\n","modified":"2026-03-19T12:51:27.154902Z","published":"2025-06-18T05:42:14Z","database_specific":{"malicious-packages-origins":[{"sha256":"cc17a758efb55184f78eaea608bb6c116129e75817337ec22401cdb5866f9b09","id":"RLMA-2025-03555","import_time":"2025-08-01T10:07:10.117556007Z","source":"reversing-labs","versions":["0.1.0"],"modified_time":"2025-07-31T19:14:27Z"},{"sha256":"37f9a6adf2f6bceb8d49b86e00e8fd1d6303e73370f5d9620bfe678dd12525df","id":"pypi/2025-06-bulktweetbyref/bulktweetbyref","import_time":"2025-12-02T22:30:55.021315068Z","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2025-06-18T05:42:14Z"},{"sha256":"b6e44fa722cba73a0757878305b8641ff0539e6c32ffff20b9484ce39ce6a1aa","id":"pypi/2025-06-bulktweetbyref/bulktweetbyref","import_time":"2025-12-02T23:07:18.038459587Z","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2025-06-18T05:42:14Z"},{"sha256":"d00b2c8787d63545a7825835db960ce79bb2e2b2c952323eeb2d8e292d4977e1","id":"pypi/2025-06-bulktweetbyref/bulktweetbyref","import_time":"2025-12-10T21:38:57.330820928Z","source":"kam193","versions":["0.1.0"],"modified_time":"2025-06-18T05:42:14Z"},{"sha256":"b71f763feda620fb8a04ef988df6ca000b618e0187de9b2aa2989069c0ed33c2","id":"RLUA-2026-00161","import_time":"2026-03-19T12:19:30.923777666Z","source":"reversing-labs","modified_time":"2026-03-18T12:12:05Z"}],"iocs":{"urls":["https://github.com/kokochatgpcod/akaak/releases/download/nothinfgg/allinone.exe"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/bulktweetbyref"}],"affected":[{"package":{"name":"bulktweetbyref","ecosystem":"PyPI","purl":"pkg:pypi/bulktweetbyref"},"versions":["0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bulktweetbyref/MAL-2025-6470.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}